In a staggering revelation that has sent shockwaves through the corridors of the European Parliament, forensic analysis has confirmed that Stelios Kouloglou, a former Member of the European Parliament (MEP) and a key figure in the investigation into illicit digital surveillance, was himself a victim of the very technology he was tasked with scrutinizing.
For years, the Pegasus spyware—a sophisticated, military-grade cyber-weapon developed by the Israeli firm NSO Group—has been the subject of international outcry. Capable of turning a smartphone into a 24-hour surveillance device by hijacking cameras, microphones, and encrypted messaging applications, Pegasus has been linked to the targeting of journalists, human rights defenders, and heads of state. Now, the discovery that a member of the European Parliament’s PEGA Committee (the inquiry body established to probe these exact abuses) was infected while conducting his official duties highlights a chilling new reality: the hunters have become the hunted.
A Chronology of Subversion
The timeline of the infiltration, uncovered by the University of Toronto’s Citizen Lab, suggests that the targeting of Kouloglou was not a random act of digital delinquency but a calculated effort to undermine the integrity of the PEGA Committee’s work.
The First Breach: A Vulnerable Moment
In the autumn of 2022, while the PEGA Committee was in the midst of critical hearings, Kouloglou found himself in the hospital for elective surgery. It was during this period of personal recovery—specifically on October 21, 2022—that his iPhone was first successfully compromised. The timing is particularly egregious, as it coincided with the committee’s intense focus on the broader Pegasus scandal, which had already rocked the European political establishment.
Adding a layer of dark irony to the incident, Kouloglou was visited in the hospital by Thanasis Koukakis, a Greek investigative journalist who had previously been a high-profile target of the Predator spyware. Whether the attackers were monitoring the proximity of these two individuals or simply timing their strike to coincide with the committee’s upcoming fact-finding missions to Greece and Cyprus, the intrusion marked the beginning of a sustained surveillance campaign.
The Second Strike: Sabotaging the Final Report
The pattern of abuse continued into the following year. Between March 6 and March 7, 2023, Kouloglou’s device was reinfected with the Pegasus payload. This period was pivotal for the PEGA Committee; the group was in the final stages of drafting its findings and conducting sensitive negotiations regarding the regulation of the spyware industry.
By the time the infection occurred, the committee was questioning representatives from companies deeply entrenched in the spyware trade. As Hannah Neumann, a fellow MEP who served on the committee, noted, the timing makes it "pretty obvious" that the attackers were not merely interested in the private life of an individual politician, but were actively seeking to intercept the internal strategy and confidential findings of the European Union’s legislative inquiry.
The Anatomy of the Attack
Pegasus is not a standard piece of malware. Since its discovery by Citizen Lab in 2016, it has evolved to exploit "zero-click" vulnerabilities—flaws in mobile operating systems that allow for infection without the user even clicking a malicious link. Once inside, the software provides the operator with god-like access: it can read WhatsApp messages, scrape contact lists, browse location history, and access photos.
Citizen Lab’s report notes that while they cannot definitively attribute the attack to a specific state actor, the signatures of the attack on Kouloglou mirror those used against Russian- and Belarusian-speaking activists and journalists. This suggests that the perpetrators possess high-level, state-funded resources. The breach potentially exposed the committee’s internal communications, violating the fundamental confidentiality requirements of the European Parliament and compromising the privacy of not only Kouloglou but the sources and whistleblowers who relied on the committee’s security.
Official Responses and the "Spyware Season"
The reaction from the political community has been one of indignation and alarm. "Me being a member of the Pegasus Committee investigating Pegasus and at the same time being hacked by Pegasus—it was something really too reckless," Kouloglou told reporters. He described a profound sense of violation, noting that his personal life—his messages to family, children, and friends—had been laid bare for an unknown entity.
A Silence from the Top
Despite the gravity of the findings, NSO Group, the developer of the software, declined to comment on the specific allegations. The company has long maintained that it only sells its technology to "vetted" government agencies for the purpose of combating terrorism and serious crime. However, the recurring discovery of its software on the phones of democratic lawmakers suggests that the "vetting" process is either fundamentally flawed or being intentionally ignored.
Parliament’s Defensive Posture
The European Parliament has issued a guarded response. While a spokesperson stopped short of naming specific culprits, they emphasized that the institution provides a "spyware screening system" for all MEPs and has recently moved to adopt more stringent, expanded protections. However, many legislators remain unconvinced that these measures are sufficient to combat a threat that evolves faster than the bureaucratic response.
The Broader Implications: A Crisis for Democracy
The implications of this breach extend far beyond the privacy of one politician. The targeting of an EU investigator represents a direct assault on the rule of law and the independence of European institutions.
The Failure of Policy
Despite the publication of the "Pegasus Project"—an massive investigative effort by media outlets worldwide—and the subsequent PEGA Committee report, little has changed on the ground. Recommendations from the committee, which include the creation of an EU-based, specialized tech laboratory for forensic device analysis and a dedicated spyware taskforce, remain largely unfulfilled.
John Scott-Railton, a senior researcher at Citizen Lab, has been blunt in his assessment: "It’s open spyware season on Europe’s lawmakers. The European Parliament, national parliaments, nobody is prepared." He argues that Europe is currently facing a "mountain of abuses," and that the lack of institutional response is an embarrassment.
The AI Threat
The situation is poised to deteriorate further. Experts warn that the rise of Artificial Intelligence will "turbocharge" the mercenary spyware industry by lowering the costs and technical barriers to entry. If a mid-level government or private entity can purchase the ability to dismantle the digital privacy of a high-ranking lawmaker, the foundations of democratic discourse—which rely on secure communication—are severely threatened.
Conclusion: A Call for Urgent Reform
The targeting of Stelios Kouloglou is more than a breach of personal privacy; it is a symptom of a systemic failure in the global oversight of cyber-surveillance technology. While countries like the United States have begun to implement visa bans and sanctions against firms associated with mercenary spyware, the European Union has struggled to find a unified, decisive response.
As MEP Saskia Bricmont aptly put it, the use of such spyware is "a direct attack on the rule of law." For the victims, the damage is already done. For the European Parliament, the question is no longer whether they are being watched, but whether they have the political will to act before the next round of infections begins. The evidence is clear, the recommendations are on the table, and the clock is ticking. The only missing element in this ongoing saga is the action required to ensure that lawmakers can conduct their duties without the shadow of a surveillance state looming over their private conversations.





